Cyber Resilience

CVE-2026-24832

Critical

Published: 27 January 2026

Modified: 05 February 2026
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0028 (19.4th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2026-24832 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Ixray-Team Ix-Ray Engine 1.6. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 19.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-24832 is an Out-of-bounds Write vulnerability (CWE-787) in ixray-team's ixray-1.6-stcop software. This issue affects ixray-1.6-stcop versions before 1.3. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), classifying it as critical due to its potential for severe impact.

A remote attacker can exploit this vulnerability over the network with low attack complexity, requiring no privileges or user interaction. Successful exploitation enables high-impact consequences on confidentiality, integrity, and availability.

The referenced GitHub pull request at https://github.com/ixray-team/ixray-1.6-stcop/pull/257 addresses this vulnerability, indicating that updating to ixray-1.6-stcop version 1.3 or later mitigates the issue.

Vulnerability details

Out-of-bounds Write vulnerability in ixray-team ixray-1.6-stcop. This issue affects ixray-1.6-stcop: before 1.3.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Unauthenticated remote out-of-bounds write (CWE-787) with CVSS 9.8 AV:N/PR:N/UI:N directly enables exploitation of a public-facing application for RCE or similar impact.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-24870 · Same product: Ixray-Team Ix-Ray Engine 1.6
CVE-2026-24831 · Same product: Ixray-Team Ix-Ray Engine 1.6
CVE-2025-27807 · Shared CWE-787
CVE-2024-48856 · Shared CWE-787
CVE-2025-14234 · Shared CWE-787
CVE-2018-25223 · Shared CWE-787
CVE-2018-25154 · Shared CWE-787
CVE-2024-57704 · Shared CWE-787
CVE-2025-29384 · Shared CWE-787
CVE-2024-12648 · Shared CWE-787

Affected Assets

Vendor: ixray-team
Product: ix-ray engine 1.6
Affected versions: ≤ 1.3

Mitigating Controls (NIST 800-53 r5, AI)

Prevent: Directly mandates timely identification, reporting, and patching of the out-of-bounds write flaw in ixray-1.6-stcop versions before 1.3.

Prevent: Provides runtime memory protections like ASLR, DEP, and stack canaries to block exploitation of the out-of-bounds write vulnerability.

Detect: Requires vulnerability scanning to identify and prioritize systems running vulnerable ixray-1.6-stcop versions before 1.3.
